CVE-2021-34797

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-34797
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34797.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-34797
Aliases
Published
2022-01-04T09:15:07Z
Modified
2024-10-12T07:43:05.719313Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.

References

Affected packages

Git / github.com/apache/geode

Affected ranges

Type
GIT
Repo
https://github.com/apache/geode
Events
Introduced
79de6fd5232e2e0a79faa1e5c03cb0caf9ed514d
Last affected
4984b0434dde8e065d5392f5818239e9041c72b2
Last affected
d5f3108caf9056889a14e18555b16d39d2e668aa

Affected versions

rel/v1.*

rel/v1.13.0
rel/v1.13.1
rel/v1.13.2
rel/v1.13.3
rel/v1.13.4